CVE-2009-4214

Description

Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_controller/vendor/html-scanner/html/node.rb.

Affected products

• rubyonrails / rails2.3.2 – 2.3.2
• rubyonrails / rails2.3.3 – 2.3.3
• rubyonrails / rails2.3.4 – 2.3.4
• rubyonrails / rails0.9.1 – 0.9.1
• rubyonrails / rails0.9.2 – 0.9.2
• rubyonrails / rails0.9.3 – 0.9.3
• rubyonrails / rails0.9.4 – 0.9.4
• rubyonrails / rails0.9.4.1 – 0.9.4.1
• rubyonrails / rails0.10.0 – 0.10.0
• rubyonrails / rails0.10.1 – 0.10.1
• rubyonrails / rails0.11.0 – 0.11.0
• rubyonrails / rails0.11.1 – 0.11.1
• rubyonrails / rails0.12.0 – 0.12.0
• rubyonrails / rails0.12.1 – 0.12.1
• rubyonrails / rails0.13.0 – 0.13.0
• rubyonrails / rails0.13.1 – 0.13.1
• rubyonrails / rails0.14.1 – 0.14.1
• rubyonrails / rails0.14.2 – 0.14.2
• rubyonrails / rails0.14.3 – 0.14.3
• rubyonrails / rails0.14.4 – 0.14.4
• rubyonrails / rails1.0.0 – 1.0.0
• rubyonrails / rails1.1.0 – 1.1.0
• rubyonrails / rails1.1.1 – 1.1.1
• rubyonrails / rails1.1.2 – 1.1.2
• rubyonrails / rails1.1.3 – 1.1.3
• rubyonrails / rails1.1.4 – 1.1.4
• rubyonrails / rails1.1.5 – 1.1.5
• rubyonrails / rails1.1.6 – 1.1.6
• rubyonrails / rails1.2.0 – 1.2.0
• rubyonrails / rails1.2.1 – 1.2.1
• rubyonrails / rails1.2.2 – 1.2.2
• rubyonrails / rails1.2.3 – 1.2.3
• rubyonrails / rails1.2.4 – 1.2.4
• rubyonrails / rails1.2.5 – 1.2.5
• rubyonrails / rails1.2.6 – 1.2.6
• rubyonrails / rails1.9.5 – 1.9.5
• rubyonrails / rails2.0.0 – 2.0.0
• rubyonrails / rails2.0.0 – 2.0.0
• rubyonrails / rails2.0.0 – 2.0.0
• rubyonrails / rails2.0.1 – 2.0.1
• rubyonrails / rails2.0.2 – 2.0.2
• rubyonrails / rails2.0.4 – 2.0.4
• rubyonrails / rails2.1.0 – 2.1.0
• rubyonrails / rails2.1.1 – 2.1.1
• rubyonrails / ruby_on_rails2.1.2
• rubyonrails / ruby_on_rails0.5.0 – 0.5.0
• rubyonrails / ruby_on_rails0.5.5 – 0.5.5
• rubyonrails / ruby_on_rails0.5.6 – 0.5.6
• rubyonrails / ruby_on_rails0.5.7 – 0.5.7
• rubyonrails / ruby_on_rails0.6.0 – 0.6.0
• rubyonrails / ruby_on_rails0.6.5 – 0.6.5
• rubyonrails / ruby_on_rails0.7.0 – 0.7.0
• rubyonrails / ruby_on_rails0.8.0 – 0.8.0
• rubyonrails / ruby_on_rails0.8.5 – 0.8.5
• rubyonrails / ruby_on_rails0.9.0 – 0.9.0

References

• MISChttp://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
• VENDOR_ADVISORYhttp://secunia.com/advisories/37446
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2009/3352
• VENDOR_ADVISORYhttp://www.debian.org/security/2011/dsa-2301
• MAILING_LISThttp://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
• MISChttp://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released
• MISChttp://www.securityfocus.com/bid/37142
• VENDOR_ADVISORYhttp://www.debian.org/security/2011/dsa-2260
• MAILING_LISThttp://www.openwall.com/lists/oss-security/2009/11/27/2
• MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
• VENDOR_ADVISORYhttp://support.apple.com/kb/HT4077
• MISChttp://www.securitytracker.com/id?1023245
• VENDOR_ADVISORYhttp://secunia.com/advisories/38915
• MAILING_LISThttp://www.openwall.com/lists/oss-security/2009/12/08/3
• PATCHhttp://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5